Privacy policy - Borsolutions

Privacy notice Information about the Company, which processes your personal data:

Legal name – “BULGARIAN ONLINE RESEARCH” Ltd

UIN/BULSTAT – 131575135

Seat and registered office – Prof. Alexander Fol Str., 2B, Sofia

Address of correspondence – Prof. Alexander Fol Str., 2B, Sofia

Telephone number – +359 (0)2 4891414

E-mail – info@borsolutions.com

Website https://borsolutions.com

Information about the Data Protection Officer: Chavdar Georgiev

Legal name – “BULGARIAN ONLINE RESEARCH” Ltd

UIN/BULSTAT – 131575135

Seat and registered office – Prof. Alexander Fol Str., 2B, Sofia

Address of correspondence – Prof. Alexander Fol Str., 2B, Sofia

Telephone number – +359 (0)2 4891414

E-mail – info@borsolutions.com

Website https://borsolutions.com

Information about the Supervisory authority:

Legal name	Commission for personal data protection
Seat and registered office	2 Prof. “Tsvetan Lazarov” Blvd., Sofia 1592, Bulgaria
Address of correspondence	2 Prof. “Tsvetan Lazarov” Blvd., Sofia 1592, Bulgaria
Telephone number	02 9153518
Website	www.cpdp.bg

“BULGARIAN ONLINE RESEARCH” Ltd. (hereinafter referred to as “Data Controller”) carries out its activity in accordance with the Law on personal data protection and Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. This information is meant to provide you with all aspects of the processing of your personal data by the Company and the rights you have in relation with this processing.

The basis for the collection, processing and storage of your personal data

Art. 1. “BULGARIAN ONLINE RESEARCH” collects and processes your personal data in connection with the use of the website https://borsolutions.com/ for the conclusion and for the performance of a contract with the Company under Art. 6, para. 1 and Art. 9, para. 2 Regulation (EU) 2016/679, and in particular under the following:

Taking steps on your request for concluding a contract, if you are a job candidate
Performance of a contract or taking steps for concluding a contract with trading

partner/client.

Processing is necessary for compliance with a legal obligation to which the Company

is subject;

Processing is necessary for the purposes of the legitimate interests pursued by the

Company or by a third party.

Obtained explicit consent from you when signing up for receiving a newsletter on the

registration form on the website;

Objectives and principles in the course of collection, processing and storage of your

personal data

Art. 2. (1) We collect and process the personal data which you provide us in relation to the

use of the website https://borsolutions.com/ and concluding a contract with the company, including

the following purposes:

using the website https://borsolutions.com/;
individualization of a party to the contract;
accounting purposes;
statistical purposes;
protection of information security;
ensuring the performance of the contract for the provision of the respective service;
sending newsletters if you have indicated you wish to receive such;
communication and answering to inquiries;
organizing games, raffles, campaigns and other events

(2) The Company adheres to the following Principles in the course of processing of your

personal data:

lawfulness, fairness and transparency;
purpose limitation of the processing personal data;
proportionality with the processing purposes and data minimisation;
accuracy and relevance of the data;
storage limitation in accordance with purpose achievement;
integrity and confidentiality of the processing and ensuring an adequate level of

security of the personal data.

(3) In the course of processing and storage of personal data, the Controller is entitled to

process and store the personal data for the purposes of performing its legal obligations and

protecting the following legitimate interests:

to perform its obligations towards state and municipal bodies and perform its

obligations under the applicable legislation and regulations;

protection against claims against the Company.

What type of data do we collect, process and store

Art. 3. The Company carries out the following operations with the personal data you provide

for the following purposes:

Conclusion and performance of an employment or a civil contract – the purpose of

this operation is to conduct a selection for the appointment of employees or persons on

a civil contract, the conclusion of the contract and its administration and

implementation by the company.

Conclusion and performance of a commercial transaction or contract with a

client or partner – the purpose of this operation is the conclusion and execution of a

contract with a commercial partner or client and its administration. In some cases, the

purpose of the operation may be the protection of the legitimate interests of the

company in the course of performing the contract. Due to the limited scope of the

collected personal data and the fact that some of the personal data is collected from

publicly available sources, an impact assessment is not necessary for this operation.

In its relations with its clients, the Company processes personal data in its capacity of

data processor for the personal data, which is assigned to the Company for processing

by clients. This also applies in the case of carrying on campaigns, landing pages,

marketing activities, games, websites, Facebook groups and pages and others. In this

case, the Company takes preliminary steps to ensure that your personal data is

processed lawfully and in accordance with GDPR requirements and follows the

explicit instructions of the client (data controller) in the course of processing. After the

completion of the respective activity, the Company transmits the data to the client (the

data controller) and deletes the personal data from its database.

Sending newsletters – The purpose of this operation is administration of the process

of sending newsletters to the persons who have stated that they wish to receive

newsletters. Due to the limited amount of data which is collected, carrying out an

impact assessment for this operation is not necessary.

Organizing and holding an event – the purpose of this operation is communication

with participant by email for the purpose of receiving information about the event,

identifying the data subject as a participant in the event; providing an opportunity to

participate in the event; making an inquiry by the individual in connection with the

event and providing feedback to him on this occasion; Obtaining results from a

training, survey or exam conducted at the event; Due to the limited scope of the

personal data collected and the small number of individuals whose personal data are

collected at the moment, it is not necessary to carry out an impact assessment of the

operation.

Processing of inquiries sent through the forms on the website https://borsolutions.com

– the purpose of this operation is to identify the data subject as an inquirer and sending

a response to an inquiry or offer. Due to the limited scope of the personal data

collected, it is not necessary to carry out an impact assessment of the operation.

Art. 4. (1) The Data Controller processes the following categories personal data and

information for the following purposes and on the following grounds:

Personal data of candidates for job/internships: (for the selection of job candidates

we process names, telephone number, email address, social media profile and personal

data that you have sent us in your CV and cover letter);

✔ Purpose for which the data is collected: 1) Individualization of the

candidate; 2) Communication with the candidate 3) Selection of candidates.

✔ Grounds for processing your personal data – processing is necessary for the

performance of a contract to which the data subject is party or in order to take

steps at the request of the data subject prior to entering into a contract – Art. 6,

para. 1, letter (b) GDPR.

Personal data for concluding a contract with a partner / client – legal entity:

(names of the legal representatives of legal entities and names and personal

identification number of proxies of legal entities)

✔ Purpose for which the data is collected: 1) Identification of the natural

person as a legal representative of a legal entity or trader for the purposes of

concluding and performing a contract and drawing up tax and accounting

documents and 2) Identifying the proxy in order to certify his representative

power.

✔ Grounds for processing your personal data – processing is necessary for the

performance of a contract to which the data subject is party or in order to take

steps at the request of the data subject prior to entering into a contract – Art. 6,

para. 1, letter (b) GDPR.

Data for concluding a contract with a partner / client – natural person: (names,

personal identification number, address, telephone number, e-mail address)

✔ Purpose for which the data is collected: 1) Identification of the person as a

partner / client, 2) Communication and 3) Execution of the contract.

✔ Grounds for processing your personal data – processing is necessary for the

performance of a contract to which the data subject is party or in order to take

steps at the request of the data subject prior to entering into a contract – Art. 6,

para. 1, letter (b) GDPR.

Personal data for sending a response to an inquiry sent through the forms on the

company’s website: (names, e-mail address)

✔ Purpose for which the data is collected: 1) Identification of the inquirer and

2) Making contact with the inquirer through the forms on the website and

sending a response to the inquiry.

✔ Grounds for processing your personal data – Your personal data for making

inquiries for digital marketing services and other inquiries are processed on the

basis of taking steps to conclude a contract or to perform a contract – Art. 6,

para. 1, letter (b) GDPR, as well as for the purposes of the legitimate interests

of the Data Collector – Art. 6, para. 1, p. (f) the GDPR, namely contacting the

inquirer.

Details for receiving the newsletter (email address, names)

✔ Purpose for which the data is collected: Sending a newsletter;

✔ Legal ground for processing of your data – The Data Controller processes

your data on the ground of given explicit consent – Art. 6, para. 1, letter (a)

GDPR.

Data of participants in events organized by the Data Collector (names, email

address)

✔ Purpose for which the data is collected – 1) Making contact with the person

and sending information to him and 2) For the purposes of registration for

participation in events.

✔ Grounds for processing your personal data – Your data for registration in an

event are processed on the basis of a legitimate interest of the controller or a

third party – Art. 6, para. 1, letter (f) the GDPR, namely for holding the event.

IP address data – Improving service security and interface localization, statistical and

marketing research;

✔ Purpose for which the data is collected: The company processes personal

data for IP address of an individual, visitor of the website, for the purpose of

improving the security of the service and identification of the user as a person

using the services from Bulgaria or another country.

✔ Grounds for data processing: The IP address is collected without it being

possible to identify a specific individual, ie. the data is collected in an

anonymized form on the ground of realization of the legitimate interests of the

Data Collector – art. 6, para. 1, letter (f) of the GDPR.

✔ The collection of this data is necessary for the technical functioning of the site.

(2) The Data Controller does not collect or process personal data related to the following:

revealing racial or ethnic origin;
disclosing political, religious or philosophical beliefs, or trade union membership;
genetic and biometric data, health data or data on sexual life or sexual orientation.

(3) Personal data is collected by the Data Collector from the persons to whom it relates.

(4) The Company does not perform automated data decision making.

(5) The company does not collect and process data for persons under 14 years of age, except

with the express consent of their parents or legal representatives.

Duration of personal data storage

Art. 5. (1) “BULGARIAN ONLINE RESEARCH” stores your personal data as a candidate for job/internship for period

no longer than 6 months from the moment of completion of recruitment and selection

procedures of employees / interns. After the expiration of the term, “BULGARIAN ONLINE RESEARCH” makes all reasonable efforts to delete and destroy all of your personal data without undue delay or to

make them anonymize (ie to make them in a form that does not reveal your identity), unless

you give your explicit consent your personal data to continue to be stored and processed in the

future.

(2) In case that the unapproved candidate for job/internship has provided original or notarized

copies of documents certifying physical and mental fitness, qualification degree, professional

experience or other circumstance, the Company returns these documents to the candidate

within 6 months from the end of the selection.

(3) The personal data of the partners and clients is stored for a period of 5 years from the date

of the termination of the contract or for longer period in case of legal proceedings or

administrative disputes for the purpose of protection of the legitimate interest of the company.

The accounting and tax documents are stored for the respective statutory term – up to 11

years.

(4) The Data Controller processes your personal data provided on the legal ground of consent,

until the explicit withdrawal of this consent.

(5) The Company stores the personal data of persons who have made an inquiry through the

form of the Company’s website, until the explicit withdrawal of the consent given by the

individual or 1 year from the last communication with the requester.

(6) The data of the participants in the events are stored until the explicit withdrawal of the

consent by the individual or until the end of the event.

(7) The Data Controller informs you in case that the period for the storage of personal data is

necessary to be extended in regard to performing legal obligation or in regard to legitimate

interests of the Company or other.

(8) The Data Controller stores the personal data that it is necessary to keep under the

applicable law for the relevant period.

Transmission of your personal data for processing

Art. 6. (1) The Data Controller is allowed on its own discretion to transmit part or all of your

personal data to personal data processors for performing the purposes of processing which

you have agreed, in compliance with the requirements of Regulation (EU) 2016/679 (GDPR).

(2) The Data Controller informs you in case of intention to transmit part or all of your

personal data to third countries or international organizations.

Your rights in the course of collection, processing and storage of your personal data

Withdrawal of consent for the processing of your personal data

Art. 7. (1) If you do not wish all or part of your personal data, which are processed on the

ground of given consent to continue to be processed by “BULGARIAN ONLINE RESEARCH” for specific or all purposes of processing, you may at any time withdraw your consent to processing by sending

request in free text to us or through functionality provided by us in Appendix № 1.

(2) The Data Controller could request you to certify your identity with the data subject by

requesting from you to present identification document on-the-spot.

(3) Withdrawal of consent does not affect the validity of the processing of personal data

provided by you until the withdrawal of consent.

(4) “BULGARIAN ONLINE RESEARCH” may continue to process some or all of your data if there is a legal

obligation to do so or for the purpose of protecting its legitimate interests.

(5) With regard to the legal representatives and natural persons-partners or clients under a

contract with the company, para. 4 will apply.

Right of access

Art. 8. (1) You have the right to request and receive confirmation from the Data Controller

whether personal data related to you are processed.

(2) You have the right to access data related to you, as well as information related to the

collection, processing and storage of your personal data.

(3) The Data Controller provides you with a copy of the processed personal data related to

you, in electronic or other appropriate form, upon request.

(4) Providing access to data is free of charge, but the Data Controller reserves the right to

impose an administrative fee in case of repetitive or excessive requests.

Right to correct or complete

Art. 9. You have the right to demand the Data Controller:

to rectify inaccurate or incomplete information concerning you directly;
to complete inaccurate or incomplete information concerning you directly.

Right to erasure (“Right to be forgotten”)

Art. 10. (1) You have the right to request the Data Controller to erase all or part of your

personal data, and the Data Controller has the obligation to erase such data without undue

delay, when one of the following grounds applies:

The personal data are no longer necessary in relation to the purposes for which they

were collected or otherwise processed;

You have withdrawn your consent on which the processing is based and where there is

no other ground for processing;

You have objected to the processing of personal data, relating to you, including for the

purposes of the direct marketing, and there are no legal grounds for the processing,

which have advantage;

The personal data have been unlawfully processed;
Personal data have to be erased for compliance with a legal obligation in Union or

Member State law to which the controller is subject

The personal data have been collected in relation to the offer of information society

services.

(2) The Data Controller is not obliged to erase the personal data, if he collects and process

them:

For exercising the right of freedom of speech and the right of information;
For compliance with a legal obligation which requires processing by Union or

Member State law to which the controller is subject or for the performance of a task

carried out in the public interest or in the exercise of official authority vested in the

controller;

For reasons of public interest in the area of public health;
For archiving purposes in the public interest, scientific or historical research purposes

or statistical purposes;

For the establishment, exercise or protection against legal claims.

(3) In case of an exercised right “to be forgotten”, the Company shall erase all your personal

data, except for:

Information which is necessary to certify that your right “to be forgotten” has been

exercised;

Technical information for the functioning of the website which cannot be connected to

your personality;

(4) To exercise your right to be forgotten, you need to send request in free text or on the

completed form in Annex № 2 by e-mail.

(5) The Data Collector may ask you to verify your identity with the identity of the data

subject.

(6) The Data Controller does not erase the personal data which it has a legal obligation to

store or which is necessary for proving its legitimate rights against claims against the

Company.

Right to restriction of processing

Art. 11. You have right to request the Controller to restrict the processing of the personal data,

concerning you, when:

The accuracy of the personal data is contested by you, for a period, which allows the

Data Controller to check the accuracy of the data;

The processing is unlawful, but you oppose the erasure of personal data, and request

only for the restriction of their usage;

The Data Controller no longer needs the personal data for the purposes of the

processing, but you require them for establishment, exercise or defence of legal

claims;

You have objected to processing pending the verification whether the legitimate

grounds of the Data Controller override those of yours.

Right to data portability

Art. 12. (1) In case you have given your consent for the processing of your personal data or

the processing is necessary for the performance of the contract with the Data Controller, or in

case your data is processed in an automated manner, you can, after identification before the

Data Controller:

ask the Data Controller to provide you with your personal data in a readable format

and transmit it to another Data Controller;

ask the Data Controller directly to transmit your personal data to another controller

designated by you, when this is technically possible.

(2) You can exercise your right to data portability by submitting a written text or filling in the

form in Appendix № 3.

Right to receive information

Art. 13. You have the right to require from the Controller to inform you about all recipients,

to whom your personal data, for which has been required rectification, erasure or restriction of

processing, have been disclosed. The Controller is allowed to refuse to provide this

information if this is impossible or involves disproportionate effort.

Right to object

Art. 14. You have the right to object at any time to processing of personal data concerning

you including processing for the purpose of profiling or direct marketing.

Your rights in case of personal data breach

Art. 15. (1) When the Data Controller detects personal data breach, which is likely to result in

a high risk to your rights and freedoms, the Data Controller communicates the personal data

breach to you without undue delay, as well as the measures taken or proposed to be taken by

the Company.

(2) The Data Controller is not obliged to inform you if:

The Data Controller has implemented appropriate technical and organizational

protection measures, and those measures were applied to the personal data affected by

the personal data breach;

The Data Controller has taken subsequent measures which ensure that the high risk to

your rights is no longer likely to materialize;

It would involve disproportionate effort.

Persons to whom your personal data is provided

Art. 16. (1) For the purposes of processing your personal data and fulfilling the contract, as

well as to provide the service in its full functionality and in view of your interests, “BULGARIAN ONLINE RESEARCH” may provide your data to third parties processing personal data who comply with all

requirements for legality and security in the processing and storage of your personal data. You

can get more detailed information about the processors of personal data by contacting us on

the contact details provided.

(2) The specified data processors and Controllers comply with all requirements for legality

and security in the processing and storage of your personal data and the Company enters into

contracts with data processors to guarantee their obligations to protect your personal data.

Art. 17. The Controller does not transfer your data in third countries.

Art. 18. In the event of a breach of your rights under the above or applicable data protection

law, you have the right to lodge a complaint with the Data Protection Commission as follows:

Legal name	Commission of personal data protection
Seat and registered office	2 Prof. Tsvetan Lazarov Blvd., 1592, Sofia, Bulgaria
Address of correspondence	2 Prof. Tsvetan Lazarov Blvd., 1592, Sofia, Bulgaria
Telephone number	02 9153518
Webpage	www.cpdp.bg

Art. 19. You could exercise all your rights related to the protection of your personal data

through the forms attached to this privacy notice. Of course, these forms are optional and you

could submit your requests in any form that contains a statement to that effect and identifies

you as the data subject.

Art. 20. If there is consent for transfer, the Data Controller describes the possible risks for the

transfer to third countries in case of lack of decision of an adequate level of protection and

appropriate means of protection.

Art. 21. The Company may amend the Privacy notice by posting a notification for that effect

on its website.

This Privacy notice is adopted on 23.10.2023

“BULGARIAN ONLINE RESEARCH” ensures that it will refer to this Privacy notice with a link to its website, by indication or in another appropriate way, ensuring that you have the opportunity to be informed with its content

Appendix № 1

Exemplary forms of withdrawal of consent for processing purposes

Your name*:

Feedback data (e-mail, telephone) *:

Legal name – “BULGARIAN ONLINE RESEARCH” Ltd

UIN/BULSTAT – 131575135

Seat and registered office – Prof. Alexander Fol Str., 2B, Sofia

Address of correspondence – Prof. Alexander Fol Str., 2B, Sofia

Telephone number – +359 (0)2 4891414

E-mail – info@borsolutions.com

Website https://borsolutions.com

☐ I withdraw my consent for collection, processing and storage of the following personal data, provided by me:

☐ All personal data provided by me

☐ Only these data …………………………………………………………….

For the following purposes:

☐ Following purposes: ……………………………………. ………………………………………………………….

☐ All purposes

☐ I declare that I am aware of the company’s conditions for providing the service after withdrawal of consent.

In case of violation of your rights under the abovementioned or under the applicable data protection legislation, you have the right to make a complaint to the Commission for Personal Data Protection as follows:


Legal name	Commission for Personal Data Protection
Seat and registered	2 Prof. Tsvetan Lazarov Blvd., Sofia 1592
Address of correspondence	2 Prof. Tsvetan Lazarov Blvd., Sofia 1592
Telephone number	02 9153518
Website	www.cpdp.bg

Signature:…………………………

Appendix № 2 –Request “to be forgotten” – for erasure of personal data related to me

Your name*:

Feedback data (e-mail, telephone) *:

Legal name – “BULGARIAN ONLINE RESEARCH” Ltd

UIN/BULSTAT – 131575135

Seat and registered office – Prof. Alexander Fol Str., 2B, Sofia

Address of correspondence – Prof. Alexander Fol Str., 2B, Sofia

Telephone number – +359 (0)2 4891414

E-mail – info@borsolutions.com

Website https://borsolutions.com

I request all personal data, which you are collecting, processing and storing, provided by me or third persons, which is related to me, according to the specified identification, to be erased from your database.

I declare that I am aware of the fact that all or part of my personal data may continue to be collected processed and stored from the collector for the purpose of performing legal obligations.


Legal name	Commission for Personal Data Protection
Seat and registered	2 Prof. Tsvetan Lazarov Blvd., Sofia 1592
Address of correspondence	2 Prof. Tsvetan Lazarov Blvd., Sofia 1592
Telephone number	02 9153518
Website	www.cpdp.bg

Signature:…………………………

Appendix № 3 – Request for portability of personal data

Your name*:

Feedback data (e-mail, telephone) *:

Legal name – “BULGARIAN ONLINE RESEARCH” Ltd

UIN/BULSTAT – 131575135

Seat and registered office – Prof. Alexander Fol Str., 2B, Sofia

Address of correspondence – Prof. Alexander Fol Str., 2B, Sofia

Telephone number – +359 (0)2 4891414

E-mail – info@borsolutions.com

Website https://borsolutions.com

I request all personal data related to me, which has been collected, processed and stored in your database to be sent to:

☐e-mail: ………………………………………………………………………………………..

☐ Collector – recipient of the data:

Name
Identification number (UIN, BULSTAT, other)
E-mail
API interface

Please, transmit my personal data in the following format:

☐XML

☐JSON

☐CSV

☐Other:…………………………………………………………………………………..

I wish my personal data in the chosen format to be transmitted to me or specified by me by

the Data Collector:

☐ to the specified e-mail or via API ………..

☐ to а physical carrier or electronic carrier (CD, DVD, USB) to your address


Legal name	Commission for Personal Data Protection
Seat and registered	2 Prof. Tsvetan Lazarov Blvd., Sofia 1592
Address of correspondence	2 Prof. Tsvetan Lazarov Blvd., Sofia 1592
Telephone number	02 9153518
Website	www.cpdp.bg

Signature:…………………………

Appendix № 4 –Request for rectification of personal data

Your name*:

Feedback data (e-mail, telephone) *:

Legal name – “BULGARIAN ONLINE RESEARCH” Ltd

UIN/BULSTAT – 131575135

Seat and registered office – Prof. Alexander Fol Str., 2B, Sofia

Address of correspondence – Prof. Alexander Fol Str., 2B, Sofia

Telephone number – +359 (0)2 4891414

E-mail – info@borsolutions.com

Website https://borsolutions.com

I request the following personal data which you collect, process and store, provided by me or

third party, related to me, to be rectified as it follows:

Personal data, which shall be rectified:

………………

I request the mentioned personal data to be rectified as it follows:

……………….


Legal name	Commission for Personal Data Protection
Seat and registered	2 Prof. Tsvetan Lazarov Blvd., Sofia 1592
Address of correspondence	2 Prof. Tsvetan Lazarov Blvd., Sofia 1592
Telephone number	02 9153518
Website	www.cpdp.bg

Signature:…………………………